Date:      Tue, 16 Feb 2016 14:42:50 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 207087] kernel: r295285 in 10.2-STABLE breaks OpenVPN functionality
Message-ID:  <bug-207087-8-VCh1EUJzBe@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-207087-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-207087-8@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207087

--- Comment #38 from g_amanakis@yahoo.com ---
I think the problem lies here:
=======8<========
ip_fastfwd.c

if (ip_off & IP_DF) {
   IPSTAT_INC(ips_cantfrag);
   icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG,
            0, mtu);
   goto consumed;
} else {
=======8<========

By the time the icmp_error() happens, m has gone through the firewall (see
"Step 5:" in ip_fastfwd.c), meaning that outgoing NAT has already happened and
that the source address has already been changed to reflect that of the
gateway. Thus when the icmp_error() takes place the ICMP is not sent to the
client.

Is this correct?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
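
The following is an added example, not part of the original message and not FreeBSD code: a user-space model of the ordering the comment hypothesizes, showing where a "fragmentation needed" error is addressed when it is built from the packet after outbound NAT versus from a copy saved before it. The struct, the function names, the saved-copy variant and the addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_DF 0x4000            /* "don't fragment" bit, as in the excerpt */

struct pkt {                    /* hypothetical, heavily reduced IP header */
    uint32_t src, dst;
    uint16_t len, off;
};

/* Hypothetical outbound NAT hook: rewrites the source to the gateway address. */
static void nat_out(struct pkt *p, uint32_t gw) { p->src = gw; }

/* An ICMP error is addressed to the source found in the offending packet. */
static uint32_t icmp_error_dst(const struct pkt *p) { return p->src; }

/*
 * Model of the forwarding step. Returns the address that would receive
 * "fragmentation needed", or 0 if the packet fits or may be fragmented.
 * use_saved = 0: build the error from the packet after the NAT hook
 *                (the ordering described in the comment).
 * use_saved = 1: build it from a copy taken before the hook.
 */
uint32_t forward(struct pkt p, uint32_t gw, uint16_t mtu, int use_saved)
{
    struct pkt orig = p;        /* header as the client sent it */

    nat_out(&p, gw);            /* "Step 5": outgoing firewall/NAT */
    if (p.len <= mtu || !(p.off & IP_DF))
        return 0;
    return icmp_error_dst(use_saved ? &orig : &p);
}

int main(void)
{
    /* Constructed sample values: client 10.8.0.2, gateway 192.0.2.1. */
    const uint32_t client = 0x0a080002, gw = 0xc0000201;
    struct pkt p = { client, 0xc6336407, 1500, IP_DF };

    printf("after NAT : error sent to %08x\n", (unsigned)forward(p, gw, 1400, 0));
    printf("saved copy: error sent to %08x\n", (unsigned)forward(p, gw, 1400, 1));
    return 0;
}
```

In the first case the error is addressed to the gateway's own address, so the client never learns the path MTU.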

